Source: shadow Version: 1:4.2-3 Severity: grave Tags: upstream security Justification: user security hole
Hi, the following vulnerability was published for shadow. The same issue as found in util-linux's su is present for su from shadow. The fix is going to be commited to shadow's master branch is the git repo. CVE-2017-2616[0]: Sending SIGKILL to other processes with root privileges via su If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-2616 Regards, Salvatore
